Hello,
syzbot found the following issue on:
HEAD commit: dcbcab9d7079 Linux 6.1.174
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11ab0041580000
kernel config: https://syzkaller.appspot.com/x/.config?x=29caf4bae4b0566f
dashboard link: https://syzkaller.appspot.com/bug?extid=83f2665d78a9a7d52ba5
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c280bc44fbea/disk-dcbcab9d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b05ff3f6b222/vmlinux-dcbcab9d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1d175e14735/Image-dcbcab9d.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+83f266...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6741 at drivers/net/wireless/mac80211_hwsim.c:1906 mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
Modules linked in:
CPU: 1 PID: 6741 Comm: syz.0.570 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
lr : mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
sp : ffff800021516ee0
x29: ffff800021516f60 x28: ffff0000f5e38e80 x27: ffff0000cf28b3f0
x26: 0000000000000000 x25: ffff0000f5e3b5d8 x24: 1fffe00019e5167e
x23: 0000000000000014 x22: 0000000000000028 x21: 0000000000000028
x20: dfff800000000000 x19: ffff0000cf28b3c0 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d93d8 x15: 0000000000000002
x14: 0000000000000002 x13: 1fffe00019e51678 x12: 0000000000080000
x11: 00000000000005ac x10: ffff800022619000 x9 : ffff80000d472c34
x8 : 00000000000005ad x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000010
x2 : ffff0000cf28b3c0 x1 : 0000000000000014 x0 : 0000000000000028
Call trace:
mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
drv_tx net/mac80211/driver-ops.h:35 [inline]
ieee80211_tx_frags+0x304/0x6ec net/mac80211/tx.c:1773
__ieee80211_tx+0x1a4/0x3f4 net/mac80211/tx.c:1827
ieee80211_tx+0x290/0x3dc net/mac80211/tx.c:2007
ieee80211_xmit+0x274/0x350 net/mac80211/tx.c:2099
ieee80211_monitor_start_xmit+0x780/0xe0c net/mac80211/tx.c:2468
__netdev_start_xmit include/linux/netdevice.h:4894 [inline]
netdev_start_xmit include/linux/netdevice.h:4908 [inline]
xmit_one net/core/dev.c:3695 [inline]
dev_hard_start_xmit+0x234/0x8cc net/core/dev.c:3711
sch_direct_xmit+0x210/0x474 net/sched/sch_generic.c:345
__dev_xmit_skb net/core/dev.c:3932 [inline]
__dev_queue_xmit+0x13bc/0x3118 net/core/dev.c:4337
dev_queue_xmit+0x24/0x34 include/linux/netdevice.h:3051
packet_snd net/packet/af_packet.c:3127 [inline]
packet_sendmsg+0x2f9c/0x3fd0 net/packet/af_packet.c:3158
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
__sys_sendto+0x324/0x440 net/socket.c:2152
__do_sys_sendto net/socket.c:2164 [inline]
__se_sys_sendto net/socket.c:2160 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2160
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1027
hardirqs last enabled at (1026): [<ffff800011b2cf6c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (1026): [<ffff800011b2cf6c>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (1027): [<ffff800011a41dec>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1018): [<ffff800008030954>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1024): [<ffff80000fddb77c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup